General
Target: XPSFixer.exe
Size: 73KB
Sample: 240509-d5pv1agd7t
MD5: 2445f274e0a44f5606db9db9e7f846cd
SHA1: 2f35df180608ac170546b861ed80ead800493e7b
SHA256: 38c85281a7cfac3eb2022e8eb37b4b0f371bcfc6387e06602047febe0fe187d6
SHA512: d5d45626cb598d41d7c69f14e16194a4b64b8f72c462e928026553b0e14fed023648f6f7b7fdaa51055a02dc7f319dd5a8eac21517c12918cc509ac5d2ccd335
SSDEEP: 768:GvjBUWiCoEsC4Vg8cxmKNVW09J6Eqxid2eOjebdub+bfW8vAzlf0YfDDn9Q78eyh:qBUWiCoRLoLWA6Eqy254ub+668jLhfS
Static task: static1
Behavioral task: behavioral1
Sample: XPSFixer.exe
Resource: win11-20240426-en
Malware Config
Targets
Target: XPSFixer.exe
Size: 73KB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the General section above
Score: 10/10
Signatures
PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Suspicious use of NtSetInformationThreadHideFromDebugger: Calls NtSetInformationThread with the ThreadHideFromDebugger (0x11) information class, which stops the thread from delivering debug events to an attached debugger (an anti-analysis technique).
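Added example (not the sandbox's own detection code and not taken from the sample): a small Python rule set that reproduces the four behavioural signatures above over a simplified API trace. The event layout (one dict per call with `api` and `args`), the sets of API names each rule watches, and the trace contents are constructed assumptions for illustration; the one Windows fact the code relies on is that THREADINFOCLASS value 0x11 is ThreadHideFromDebugger. Dropped-file tracking is stateful, so "executes dropped EXE" only fires for a path the traced process itself wrote earlier in the trace.

```python
import re
from collections import defaultdict

# THREADINFOCLASS value for ThreadHideFromDebugger: after this call the thread
# no longer delivers debug events to an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Matches a bare drive root such as "D:\" or "\\?\E:\" (optional NT prefix).
DRIVE_ROOT = re.compile(r"^(?:\\\\\?\\)?([A-Za-z]):\\$")

# API families watched by the rules below (assumed set, not exhaustive).
FILE_PROBE_APIS = {"CreateFileW", "CreateFileA", "GetFileAttributesW", "FindFirstFileW"}
FILE_WRITE_APIS = {"NtWriteFile", "WriteFile"}
EXEC_APIS = {"CreateProcessW", "CreateProcessA", "ShellExecuteExW", "NtCreateUserProcess"}
LOAD_APIS = {"LoadLibraryW", "LoadLibraryExW", "LdrLoadDll"}

# Constructed trace in a simplified event format (assumption: one dict per
# call, in execution order). This is NOT a real sandbox log layout.
SAMPLE_TRACE = [
    {"api": "NtSetInformationThread",
     "args": {"ThreadHandle": "0xfffffffe", "ThreadInformationClass": 0x11}},
    {"api": "CreateFileW",
     "args": {"FileName": "C:\\Users\\Admin\\AppData\\Local\\Temp\\stage2.exe",
              "DesiredAccess": "GENERIC_WRITE"}},
    {"api": "NtWriteFile",
     "args": {"FileName": "C:\\Users\\Admin\\AppData\\Local\\Temp\\stage2.exe"}},
    {"api": "CreateFileW",
     "args": {"FileName": "C:\\Users\\Admin\\AppData\\Local\\Temp\\helper.dll",
              "DesiredAccess": "GENERIC_WRITE"}},
    {"api": "CreateProcessW",
     "args": {"ApplicationName": "C:\\Users\\Admin\\AppData\\Local\\Temp\\stage2.exe"}},
    {"api": "LoadLibraryW",
     "args": {"FileName": "C:\\Users\\Admin\\AppData\\Local\\Temp\\helper.dll"}},
    {"api": "GetFileAttributesW", "args": {"FileName": "C:\\"}},
    {"api": "GetFileAttributesW", "args": {"FileName": "D:\\"}},
    {"api": "CreateFileW",
     "args": {"FileName": "\\\\?\\E:\\", "DesiredAccess": "GENERIC_READ"}},
    {"api": "LoadLibraryW", "args": {"FileName": "C:\\Windows\\System32\\ws2_32.dll"}},
]


def drive_root_letter(path):
    """Return the upper-cased drive letter if `path` is a bare drive root, else None."""
    m = DRIVE_ROOT.match(path or "")
    return m.group(1).upper() if m else None


def _path(args):
    """Pull the file/process path out of whichever argument name carries it."""
    for key in ("FileName", "ApplicationName", "CommandLine"):
        if args.get(key):
            return args[key]
    return ""


def analyze(trace):
    """Run the four behavioural rules over an API trace.

    Returns {signature_name: [evidence, ...]} with only the signatures that
    fired. A path counts as "dropped" once the traced process opened it for
    writing or wrote to it; executing or loading it afterwards is flagged.
    """
    hits = defaultdict(list)
    dropped = set()
    for ev in trace:
        api, args = ev["api"], ev.get("args", {})
        path = _path(args)
        key = path.casefold()

        # Anti-debug: ThreadHideFromDebugger requested on any thread.
        if (api == "NtSetInformationThread"
                and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].append(
                f"thread {args.get('ThreadHandle', '?')}")

        # Remember files this process writes; they are "dropped" from here on.
        if key and (api in FILE_WRITE_APIS
                    or (api in FILE_PROBE_APIS
                        and "GENERIC_WRITE" in str(args.get("DesiredAccess", "")))):
            dropped.add(key)

        # Execution / loading of something the process itself wrote.
        if api in EXEC_APIS and key in dropped:
            hits["Executes dropped EXE"].append(path)
        if api in LOAD_APIS and key in dropped:
            hits["Loads dropped DLL"].append(path)

        # Root-path access on any drive other than the default C: drive.
        letter = drive_root_letter(path)
        if api in FILE_PROBE_APIS and letter and letter != "C":
            hits["Enumerates connected drives"].append(f"{letter}:\\ via {api}")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in analyze(SAMPLE_TRACE).items():
        print(f"[+] {name}: {evidence}")
```

Running the block as a script prints one line per fired signature with its evidence. Note that the probe on `C:\` is deliberately ignored and the system DLL load is not flagged because ws2_32.dll was never written by the traced process; both are the false-positive cases these signatures have to exclude.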